converted to 1.6 markup
|Deletions are marked like this.||Additions are marked like this.|
|Line 48:||Line 48:|
|Your httpd must be configured so that it listens on a dedicated port. The standard port 80 won't work. We currently have no restriction on which users can listen on which ports above 1024, but we plan to implement a firewall soon, similar to what we had on our old server fyodor. So please submit a firewall rule request on [[https://members.hcoop.net/portal/sec|the portal's security settings page]], so that when we enable the firewall and binding restrictions, we know to leave the ports open for you.||Your httpd must be configured so that it listens on a dedicated port. The standard port 80 won't work. We use a firewall to keep track of which ports members are using. Submit a firewall rule request on [[https://members.hcoop.net/portal/sec|the portal's security settings page]] to get Proxied``Server ports.|
|Line 76:||Line 76:|
| proxyPass "/" "http://localhost:8880/";
proxyPassReverse "/" "http://localhost:8880/";
| proxyPass "/" "http://bog:8880/";
proxyPassReverse "/" "http://bog:8880/";
|Line 88:||Line 88:|
This page describes how to run your own apache HTTP daemon, for example if you have special needs regarding apache modules etc.
1. Apache setup and startup
Get a working apache/mod_python installation (in your home dir), and set up a startup procedure, so that cron starts your daemon when mire reboots. In case the webserver process should crash, apache should be started again, too. The following shell script checks if apache is running and starts it if not (adjust the environment variables in the beginning accordingly):
HOME=/afs/hcoop.net/user/...path to your home dir... # Adjust this!!! SERVERROOT=$HOME/apache2 # The server root directory PIDFILE=$SERVERROOT/logs/httpd.pid # Process PID gets stored here HTTPD=$SERVERROOT/bin/httpd # The httpd executable K5START="k5start -qtU -f /etc/keytabs/user.daemon/USER" # Adjust this!!! # This is needed for mod_python export PYTHONPATH="/afs/hcoop.net/user/b/be/beni/python" if (test -f $PIDFILE); then #if ($K5START -- test `ls $PIDFILE`); then PID=`cat $PIDFILE 2> /dev/null` kill -0 $PID 2> /dev/null if (test $? -ne 0); then $K5START -b -- $HTTPD -d $SERVERROOT -DFOREGROUND else exit 0 fi else $K5START -b -- $HTTPD -d $SERVERROOT -DFOREGROUND fi exit 0
Save the script in a place like $HOME/bin and use cron to execute this script after reboots and every now and then to check if apache is still up and running (adjust capitalized parts):
@reboot k5start -qtU -f /etc/keytabs/user.daemon/USER -- PATH_TO_SCRIPT 0-59/5 * * * * k5start -qtU -f /etc/keytabs/user.daemon/USER -- PATH_TO_SCRIPT
1.1. Port issues
Your httpd must be configured so that it listens on a dedicated port. The standard port 80 won't work. We use a firewall to keep track of which ports members are using. Submit a firewall rule request on the portal's security settings page to get ProxiedServer ports.
Put a line like this into httpd.conf to configure apache so that it listens on this port only:
Listen 8880 # Whatever port number you got
1.2. mod_python specials
Apache needs to know where in the Python path to look for mod_python. You need to add the mod_python location to your PythonPath in httpd.conf:
<IfModule mod_python.c> PythonPath "sys.path + ['/afs/hcoop.net/WHEREVER_MOD_PYTHON_IS_INSTALLED']" </IfModule
2. domtool config
Next you need "port forwarding" of http requests for your domain to your own httpd (so that you don't need to use addresses like http://www.siebengang.net:8880/index.html, but http://www.siebengang.net/index.html gets "mapped" to port 8880). In the domtool setup for http://www.siebengang.net/ this looks like
domain "siebengang.net" with (* NS/DNS/Mail stuff omitted *) web "www" with proxyPass "/" "http://bog:8880/"; proxyPassReverse "/" "http://bog:8880/"; end; end;
That should be about all you need...
3. Possible AFS problems
In our AFS environment apache has to be started through k5start to get the right file permissions. However, as a default, httpd detaches from its parent process after the completed startup. This would make it impossible for k5start to renew AFS tickets for the process. The -DFOREGROUND option prevents apache from doing so, and with -b k5start can take care of the backgrounding instead.
If you do not consider this, you may run into "permission denied" problems (see Bugzilla bug 291).